Stay organized with collections
Save and categorize content based on your preferences.
This page provides instructions on how to create or update a VLAN
attachment in Google Distributed Cloud (GDC) air-gapped.
A VLAN attachment represents an attachment of a Virtual Local Area
Network (VLAN) and its associated BGP session configuration to an interconnect
link. The VLAN specifies which part of your network has access through this
connection.
The VLAN attachment and its associated BGP session configuration are a required
resource for setting up a secure air-gapped connection with high bandwidth and
low latency.
This page is for developers within the application operator group who are
looking to establish connectivity with interconnects. For more information, see
Audiences for GDC air-gapped
documentation.
Before you begin
To create or update a VLAN attachment, you must have the following:
A submitted ticket in the GDC portal requesting an
interconnect with your chosen specifications, such as 10 G of redundant
connectivity.
The necessary resource information and IDs for the interconnect resources
that the Infrastructure Operator (IO) configures. For more
information, see Interconnect creation
process.
UNIQUE_INTERCONNECT_NAME: unique name for this InterconnectAttachment resource.
INTERCONNECT_LINK_NAME: the universal
object reference to the interconnect link in the gpc-system namespace.
INTERCONNECT_GROUP_NAME: the
universal object reference to the interconnect group in the gpc-system
namespace containing INTERCONNECT_LINK_NAME.
LOCAL_IP_SUBNET: the local IP address
of the /31 peer on the GDC side.
LOCAL_ASN: the local autonomous system
number (ASN) of the Border Gateway Protocol (BGP).
PEER_ASN: the peer autonomous system
number (ASN) of the Border Gateway Protocol (BGP).
PEER_IP: the peer IP address of the
/31 peer on the side of the peer.
PEER_EXTERNAL_SUBNET: the peer external
subnet that this interconnect allows. If there is more than one subnet,
list all of them in the peerExternalSubnets field.
ROUTE_POLICY_NAME: the universal object
reference to the route policy in the gpc-system namespace.
ATTACHMENT_GROUP_NAME: the universal
object reference to the route policy in the gpc-system namespace that
this attachment is a part of.
The output returns the VLAN attachment and shows True in the Ready column:
NAME AGE TYPE MTU VLAN-ID INTERCONNECT GROUP INTERCONNECT LINK READY
interconnect-attachment-zv-aa-blsw01-directconnect-1 3d2h DirectConnect 3966 interconnect-group-directconnect-1 interconnect-zv-aa-blsw01-directconnect-1 True
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eThis page outlines the process for creating or updating a VLAN attachment in Google Distributed Cloud (GDC) air-gapped environments, which is necessary to connect your network to an interconnect link.\u003c/p\u003e\n"],["\u003cp\u003eBefore creating a VLAN attachment, you must submit a ticket for an interconnect, have the necessary resource information, and possess the required identity and access roles.\u003c/p\u003e\n"],["\u003cp\u003eThe process involves creating a YAML file (\u003ccode\u003einterconnectattachment.yaml\u003c/code\u003e) with specific configuration details, including interconnect link references, BGP session settings, route policy, attachment group, and VLAN ID.\u003c/p\u003e\n"],["\u003cp\u003eAfter configuring the YAML file, you apply it using \u003ccode\u003ekubectl\u003c/code\u003e to create the VLAN attachment, and then you can verify its successful creation by checking its status, ensuring it displays 'True' in the 'Ready' column.\u003c/p\u003e\n"]]],[],null,["# Create a VLAN attachment\n\nThis page provides instructions on how to create or update a VLAN\nattachment in Google Distributed Cloud (GDC) air-gapped.\n\nA VLAN attachment represents an attachment of a Virtual Local Area\nNetwork (VLAN) and its associated BGP session configuration to an interconnect\nlink. The VLAN specifies which part of your network has access through this\nconnection.\n\nThe VLAN attachment and its associated BGP session configuration are a required\nresource for setting up a secure air-gapped connection with high bandwidth and\nlow latency.\n\nThis page is for developers within the application operator group who are\nlooking to establish connectivity with interconnects. For more information, see\n[Audiences for GDC air-gapped\ndocumentation](/distributed-cloud/hosted/docs/latest/gdch/resources/audiences).\n\nBefore you begin\n----------------\n\nTo create or update a VLAN attachment, you must have the following:\n\n- A submitted ticket in the GDC portal requesting an interconnect with your chosen specifications, such as 10 G of redundant connectivity.\n- The necessary resource information and IDs for the interconnect resources that the Infrastructure Operator (IO) configures. For more information, see [Interconnect creation\n process](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/interconnects/interconnect-overview#interconnect-creation).\n- The necessary identity and access roles. For more information, see [Prepare predefined roles and permissions](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/interconnects/interconnect-overview#prepare-roles).\n\nCreate or update a VLAN attachment\n----------------------------------\n\nTo create or update a VLAN attachment, follow these steps:\n\n1. Create a YAML file named `interconnectattachment.yaml`.\n2. Add the following content to the file:\n\n apiVersion: system.private.gdc.goog/v1alpha1\n kind: InterconnectAttachment\n metadata:\n name: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eUNIQUE_INTERCONNECT_NAME\u003c/span\u003e\u003c/var\u003e\n namespace: gpc-system\n spec:\n interconnectLinkRef:\n name: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eINTERCONNECT_LINK_NAME\u003c/span\u003e\u003c/var\u003e\n namespace: gpc-system\n parentInterconnectRef:\n name: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eINTERCONNECT_GROUP_NAME\u003c/span\u003e\u003c/var\u003e\n namespace: gpc-system\n parentInterconnectType: DirectConnect\n bgpSessionConfig:\n localIP: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eLOCAL_IP_SUBNET\u003c/span\u003e\u003c/var\u003e\n localASN: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eLOCAL_ASN\u003c/span\u003e\u003c/var\u003e\n peerASN: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003ePEER_ASN\u003c/span\u003e\u003c/var\u003e\n peerIP: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003ePEER_IP\u003c/span\u003e\u003c/var\u003e\n peerExternalSubnets:\n - \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003ePEER_EXTERNAL_SUBNET\u003c/span\u003e\u003c/var\u003e\n routePolicyRef:\n name: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eROUTE_POLICY_NAME\u003c/span\u003e\u003c/var\u003e\n namespace: gpc-system\n attachmentGroup:\n name: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eATTACHMENT_GROUP_NAME\u003c/span\u003e\u003c/var\u003e\n namespace: gpc-system\n vlanID: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eVLAN_ID\u003c/span\u003e\u003c/var\u003e\n status: {}\n\n3. Replace the following:\n\n - \u003cvar translate=\"no\"\u003eUNIQUE_INTERCONNECT_NAME\u003c/var\u003e: unique name for this `InterconnectAttachment` resource.\n - \u003cvar translate=\"no\"\u003eINTERCONNECT_LINK_NAME\u003c/var\u003e: the universal object reference to the interconnect link in the `gpc-system` namespace.\n - \u003cvar translate=\"no\"\u003eINTERCONNECT_GROUP_NAME\u003c/var\u003e: the universal object reference to the interconnect group in the `gpc-system` namespace containing \u003cvar translate=\"no\"\u003eINTERCONNECT_LINK_NAME\u003c/var\u003e.\n - \u003cvar translate=\"no\"\u003eLOCAL_IP_SUBNET\u003c/var\u003e: the local IP address of the `/31` peer on the GDC side.\n - \u003cvar translate=\"no\"\u003eLOCAL_ASN\u003c/var\u003e: the local autonomous system number (ASN) of the Border Gateway Protocol (BGP).\n - \u003cvar translate=\"no\"\u003ePEER_ASN\u003c/var\u003e: the peer autonomous system number (ASN) of the Border Gateway Protocol (BGP).\n - \u003cvar translate=\"no\"\u003ePEER_IP\u003c/var\u003e: the peer IP address of the `/31` peer on the side of the peer.\n - \u003cvar translate=\"no\"\u003ePEER_EXTERNAL_SUBNET\u003c/var\u003e: the peer external subnet that this interconnect allows. If there is more than one subnet, list all of them in the `peerExternalSubnets` field.\n - \u003cvar translate=\"no\"\u003eROUTE_POLICY_NAME\u003c/var\u003e: the universal object reference to the route policy in the `gpc-system` namespace.\n - \u003cvar translate=\"no\"\u003eATTACHMENT_GROUP_NAME\u003c/var\u003e: the universal object reference to the route policy in the `gpc-system` namespace that this attachment is a part of.\n - \u003cvar translate=\"no\"\u003eVLAN_ID\u003c/var\u003e: the VLAN ID to use on this interconnect.\n4. Create the VLAN attachment:\n\n kubectl apply -f interconnectattachment.yaml -n gpc-system\n --kubeconfig=\u003cvar translate=\"no\"\u003eMANAGEMENT_API_SERVER\u003c/var\u003e\n\n Replace \u003cvar translate=\"no\"\u003eMANAGEMENT_API_SERVER\u003c/var\u003e with the path to the\n kubeconfig file for the Management API server.\n5. Check that the creation of the VLAN attachment is successful:\n\n kubectl get interconnectattachment -n gpc-system\n --kubeconfig=\u003cvar translate=\"no\"\u003eMANAGEMENT_API_SERVER\u003c/var\u003e\n\n6. The output returns the VLAN attachment and shows `True` in the `Ready` column:\n\n NAME AGE TYPE MTU VLAN-ID INTERCONNECT GROUP INTERCONNECT LINK READY\n interconnect-attachment-zv-aa-blsw01-directconnect-1 3d2h DirectConnect 3966 interconnect-group-directconnect-1 interconnect-zv-aa-blsw01-directconnect-1 True"]]
